Why Data Breaches Are Bad for Your Business’ Reputation

Given the public’s short attention span and the rapid turnover of items in a news cycle, a corporate executive can be excused for dismissing the reputation effects of a data breach on his or her business.

That executive might believe that any short-term loss of value from the breach will be quickly recovered as the company recovers from the breach itself.

This implies that there is a causative relationship between a data breach and a company’s loss in value and reputation.Recent reports of large-scale data breaches emphasize this causative relationship

Hurts Public Perception

The public perception of the credit score company, Equifax, was weak even before it reported the loss of more than 140 million consumer records in a data breach. After the report became public, the company’s perception among consumers became overwhelmingly negative.

Making matters worse, the company mishandled its first attempts to offer affected consumers a monitoring service to alert them to identity theft problems.

Uber Incident Impact

The ride-share company, Uber, had already been struggling to prop up its reputation following a series of highly-publicized missteps when it reported its data breach loss of the personal information more than 57 million drivers and riders.

Uber attempted to quash news of the data breach by paying hackers $100,000 to delete the customer and driver records they had stolen. The company continues to face questions about its data protection and privacy policies.

Target Incident Impact

The consumer products retailer, Target, has mostly recovered from the massive data breach it suffered in 2016. In the wake of that breach, Target experienced a sales decline of more than 46 percent on a year-to-year basis with a corresponding 10 percent decline in the price of its stock.

Target appears to have taken strong steps toward rebuilding its image and reputation with a commitment to spend more than $100 million on cybersecurity and data breach protection.

Plan For The Worst

A 2014 study by the Ponemon Institute indicates that data breaches can have the same or worse impact on consumer sentiment as poor customer service and environmental disasters. Organizations at least have some control over how they treat their customers and whether their business practices impact the environment.

They can erect barriers and adopt policies that reduce the likelihood of data breaches, yet cyber attackers continue to find ways to get around those barriers.

A successful data breach might not be inevitable, but in the current environment, companies that are concerned with protecting and maintaining their relationships need to hope for the best but plan for the worst.

Target’s response to the data breach it experienced is illustrative. Showing a commitment to cybersecurity by budgeting for new security measures will give consumers clear evidence of a company’s concerns over its customers’ personal and financial information.

Unlike Target, few companies can afford to spend $100 million for this purpose. As an alternative, those companies should consider procuring data breach insurance.

Insurance Could Be Helpful

A good data breach insurance policy will cover a company’s direct losses and third-party liabilities that arise from the breach. Consumers whose personal and financial data are stolen in a breach will generally not hesitate to sue the affected company for its failure to take better care of their data.

Data breach insurance can cover the legal defense costs associated with that litigation and can help to pay for data monitoring and identity theft protection services for affected consumers. Having the resources available for these purposes will allow a company to recover its reputation more quickly, and can minimize both the near- and long-term reputational consequences of the data breach.